|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 118
Members: 0
Total: 118
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
ARP Poisoning |
|
Posted: Wed May 19, 2004 10:24 pm |
|
|
icenix |
Advanced user |
|
|
Joined: May 13, 2004 |
Posts: 106 |
Location: Australia |
|
|
|
|
|
|
im surprised it isnt used more often.
on networks it can be devestating...has anyone actually had any sucsessfull results?
from memory... You can Shift MAC Addresses and point traffic towards a host. then with a sniffer...capture all sorts of information.
anyone had much experience with this?
Post your replys here with experiences you have had..
cheers all |
|
|
|
|
Posted: Wed May 19, 2004 10:52 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
ARP Poisoning aka MAC Flooding - i have experience with that
In nowadays many LAN-s have built on switches and therefore you just can't sniff traffic without cheating the switches. But beware, IDS can detect such malicious traffic, as MAC flooding, and this is not good, when you want to stay invisible. |
|
|
|
|
|
hrmm |
|
Posted: Thu May 20, 2004 2:07 am |
|
|
icenix |
Advanced user |
|
|
Joined: May 13, 2004 |
Posts: 106 |
Location: Australia |
|
|
|
|
|
|
yeah i guess so, but this network crew isnt the smartest ever.
im talking bout a school here
if i can direct traffic from this 1IP to me and gather some MD5's that would be reall handy
its a reall pain in the ass since they have installed a Packet filter on this server... So i plan on disabling it.
Just checking if anyones had any sucsesfull experiences
peace out all
icenix |
|
|
|
|
|
I use Cain & Able |
|
Posted: Wed Jun 09, 2004 2:56 am |
|
|
slimjim100 |
Valuable expert |
|
|
Joined: Jun 09, 2004 |
Posts: 208 |
Location: USA |
|
|
|
|
|
|
Hey Icenix,
I use Cain & Able to spoof/Poison IP&MAC. It?s really handy when you have a Non-manageable switch at a customer?s site. I just start Cain, turn on spoofing then load up Etherpeek and I can see all traffic on a subnet. I have done this for white hat reasons (Sniffing to prove that a customer has a virus scanning there network). But it can also be used to harvest passwords. With the latest version of Cain supporting Rainbow tables and with Able allowing you to remote command prompt other computers in your subnet you could do all kinds of damage. I would recommend being careful as WarAxe said IDS will see you and report it to the admin. Well have fun!
Slimjim100 |
|
|
|
|
|
|
|
|
Posted: Thu Jan 13, 2005 1:43 pm |
|
|
qr4t |
Regular user |
|
|
Joined: Nov 21, 2004 |
Posts: 11 |
Location: Estonia |
|
|
|
|
|
|
Well i have some experience with ARP poisoning also. I never thought it is so easy. I just installed Cain&Abel and started it and waited. After some minutes i started receiving passwords from my LAN. I was really surprised that it is SO easy Encouraged of this success, i installed Cain&Abel in my hostel where is almost 100 pc-s in LAN. I got tons of passwords there in a minutes |
|
|
|
|
www.waraxe.us Forum Index -> M$ Windows
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|